Re: [PHP] Stripslashes
What are these magic quotes anyways?. What are they used for? escaping? Regards, Ravi. On Tue, Nov 16, 2010 at 11:44 PM, Adam Richardson simples...@gmail.comwrote: On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote: I was doing a test of stripslashes on a $_POST, when I recieved the email, all of the slashes were still in the data posted. I used : $fname = stripslashes($_POST['fname']); I input G\\a//r\y\\, and was expecting, according to the manuel G\a//r*y\, but got the original spelling. In this case, you should get the original, if I'm understanding correctly. Think of it like a basic math problem: Step 1: Happens automatically when you submit the form and PHP receives the form variables input + slashes = slashed_input Step 2: This happens when you call stripslashes. slashed_input - slashes = input The goal of stripslashes is that it will undo what happened automatically using magic_quotes_gpc (which essentially calls addslashes on the GPC vars behind the scenes) so you'll end up with the original input. So, working through your example: 1. You inputted into a form G\\a//r\y\\ and submitted the form. 2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y). 3. You called stripslashes (G\\a//r\y\\). I added: echo stripslashes($fname); and did get the expected result on the page, but not in the email from the $_POST. Here, you called stripslashes on something already stripped once, so you now have a new value (G\a//ry\). I also tried $fname = (stripslashes($_POST['fname'])); This would be no different than your attempt without enclosing parentheses. Now, let me just say that I detest magic_quotes, and it's best to run with them disabled so you don't even have to worry about this kind of issue (they've been deprecated.) But, perhaps you were just trying to learn about some piece of legacy code. Hope the explanation helps, Gary. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
RE: [PHP] Stripslashes
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.
We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
// Magic quotes is on
$response = stripslashes($_POST[$key]);
} else {
$response = $_POST[$key];
}
For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell r...@cbord.com wrote:
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.
We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
// Magic quotes is on
$response = stripslashes($_POST[$key]);
} else {
$response = $_POST[$key];
}
For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Bob,
Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the following:
An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpchttp://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpcis
*on* (it's on by default), and you aren't inserting this data into a place
(such as a database) that requires escaping. For example, if you're simply
outputting data straight from an HTML form.
So that means that stripslashes() isn't intended for DB insertions but only
straight output. So I will remove it from my code.
Thanks,
Ravi.
Re: [PHP] Stripslashes
stripslashes() is rife with gaping security holes. For mysql
insertion rely on mysql_real_escape_string() or alternatively, you can
use prepared statements.
For outputting data on the page you should ideally be using
htmlspecialchars($var, ENT_QUOTES);
cheers,
Russ
On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot r...@ravigehlot.net wrote:
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell r...@cbord.com wrote:
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.
We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
// Magic quotes is on
$response = stripslashes($_POST[$key]);
} else {
$response = $_POST[$key];
}
For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Bob,
Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the following:
An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpchttp://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpcis
*on* (it's on by default), and you aren't inserting this data into a place
(such as a database) that requires escaping. For example, if you're simply
outputting data straight from an HTML form.
So that means that stripslashes() isn't intended for DB insertions but only
straight output. So I will remove it from my code.
Thanks,
Ravi.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On Wed, Dec 22, 2010 at 4:21 PM, Russell Dias rus...@gmail.com wrote:
stripslashes() is rife with gaping security holes. For mysql
insertion rely on mysql_real_escape_string() or alternatively, you can
use prepared statements.
For outputting data on the page you should ideally be using
htmlspecialchars($var, ENT_QUOTES);
cheers,
Russ
On Thu, Dec 23, 2010 at 6:48 AM, Ravi Gehlot r...@ravigehlot.net wrote:
On Wed, Dec 22, 2010 at 3:34 PM, Bob McConnell r...@cbord.com wrote:
From: Ravi Gehlot
What are these magic quotes anyways?. What are they used for?
escaping?
I wasn't there at the time, but I gather that the general idea was to
automagically insert escape characters into data submitted from a form.
However, they used a backslash as the escape character, which is not
universally recognized across database engines. Even the SQL standard
defines an escape as a single quote character.
We used to have magic quotes enabled, and came up with the following
code to clean up the mess it caused.
// If magic quotes is on, we want to remove slashes
if (get_magic_quotes_gpc()) {
// Magic quotes is on
$response = stripslashes($_POST[$key]);
} else {
$response = $_POST[$key];
}
For future releases of PHP, this will also need a check to see if
get_magic_quotes_gpc() exists first.
Bob McConnell
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Bob,
Thank you very much. This is good information. What I found out from
http://us2.php.net/manual/en/function.stripslashes.php was the
following:
An example use of *stripslashes()* is when the PHP directive
magic_quotes_gpc
http://us2.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
is
*on* (it's on by default), and you aren't inserting this data into a
place
(such as a database) that requires escaping. For example, if you're
simply
outputting data straight from an HTML form.
So that means that stripslashes() isn't intended for DB insertions but
only
straight output. So I will remove it from my code.
Thanks,
Ravi.
Hello Russell,
When you use htmlspecialchars() it tries to escape single/double quotes with
a bunch of backslashes. I had stripslashes() in an attempt to try to get the
backslashes away but it didn't. So the solution was to disable magic quotes
in php.ini. With GoDaddy shared hosting, I had to rename php.ini over to
php5.ini in order to have this to work. Also had to include the command like
responsible for disabling magic quotes. Everything is good and clean now.
Now you type for example Hunter's Reserve Circle and it keeps it as it is.
Before it would print something like Hunter'///s Reserve Circle.
With double quote, the situation would be even worse.
mysql_real_escape_string() is a must in order to avoid SQL injections.
Regards,
Ravi.
RE: [PHP] Stripslashes
-Original Message- From: Gary [mailto:gp...@paulgdesigns.com] Sent: Wednesday, November 17, 2010 2:17 PM To: php-general@lists.php.net Subject: Re: [PHP] Stripslashes snip I also assume that until php 6 is out and or I upgrade to it, I will have to deal with magic_quotes? Thank you for your help. Gary Gary, You'll have to wait a very long time for that. IIRC, the official word (via windows list) is that PHP 6 is cancelled. The next official release is 5.4. Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Adam Richardson simples...@gmail.com wrote in message news:aanlktin_9_tfe9q+dc2hoynsavccoyuecudkqd919...@mail.gmail.com... On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote: I was doing a test of stripslashes on a $_POST, when I recieved the email, all of the slashes were still in the data posted. I used : $fname = stripslashes($_POST['fname']); I input G\\a//r\y\\, and was expecting, according to the manuel G\a//r*y\, but got the original spelling. In this case, you should get the original, if I'm understanding correctly. Think of it like a basic math problem: Step 1: Happens automatically when you submit the form and PHP receives the form variables input + slashes = slashed_input Step 2: This happens when you call stripslashes. slashed_input - slashes = input The goal of stripslashes is that it will undo what happened automatically using magic_quotes_gpc (which essentially calls addslashes on the GPC vars behind the scenes) so you'll end up with the original input. So, working through your example: 1. You inputted into a form G\\a//r\y\\ and submitted the form. 2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y). 3. You called stripslashes (G\\a//r\y\\). I added: echo stripslashes($fname); and did get the expected result on the page, but not in the email from the $_POST. Here, you called stripslashes on something already stripped once, so you now have a new value (G\a//ry\). I also tried $fname = (stripslashes($_POST['fname'])); This would be no different than your attempt without enclosing parentheses. Now, let me just say that I detest magic_quotes, and it's best to run with them disabled so you don't even have to worry about this kind of issue (they've been deprecated.) But, perhaps you were just trying to learn about some piece of legacy code. Hope the explanation helps, Gary. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com Adam Thanks for your reply. So if I disable magic_quotes, and I assume I can do that a script, then the stripslashes would work as the manuel said it would, meaning G\\a//r\y\\ becomes G\a//r'y\ I also assume that until php 6 is out and or I upgrade to it, I will have to deal with magic_quotes? Thank you for your help. Gary __ Information from ESET Smart Security, version of virus signature database 5627 (20101117) __ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Adam Thanks for your reply. So if I disable magic_quotes, and I assume I can do that a script, then the stripslashes would work as the manuel said it would, meaning G\\a//r\y\\ becomes G\a//r'y\ I also assume that until php 6 is out and or I upgrade to it, I will have to deal with magic_quotes? Thank you for your help. Gary You can disable magic quotes with php.ini or htaccess or toss in the example #2 code on this page if you don't have access to php.ini (each of these examples are listed within the page below): http://php.net/manual/en/security.magicquotes.disabling.php http://php.net/manual/en/security.magicquotes.disabling.phpAdditionally, it doesn't look like you'll have to wait long before you can stop worrying about magic quotes (actually, several distros ship with them turned off: http://www.pubbs.net/201011/php/27311-php-dev-magic-quotes-in-trunk.html http://www.pubbs.net/201011/php/27311-php-dev-magic-quotes-in-trunk.htmlKeep coding, Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
[PHP] Stripslashes
I was doing a test of stripslashes on a $_POST, when I recieved the email, all of the slashes were still in the data posted. I used : $fname = stripslashes($_POST['fname']); I input G\\a//r\y\\, and was expecting, according to the manuel G\a//r*y\, but got the original spelling. I added: echo stripslashes($fname); and did get the expected result on the page, but not in the email from the $_POST. I also tried $fname = (stripslashes($_POST['fname'])); But got the same result. Can anyone tell me what I am not understaning? Thank you Gary __ Information from ESET Smart Security, version of virus signature database 5625 (20101116) __ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On Tue, Nov 16, 2010 at 10:10 PM, Gary gp...@paulgdesigns.com wrote: I was doing a test of stripslashes on a $_POST, when I recieved the email, all of the slashes were still in the data posted. I used : $fname = stripslashes($_POST['fname']); I input G\\a//r\y\\, and was expecting, according to the manuel G\a//r*y\, but got the original spelling. In this case, you should get the original, if I'm understanding correctly. Think of it like a basic math problem: Step 1: Happens automatically when you submit the form and PHP receives the form variables input + slashes = slashed_input Step 2: This happens when you call stripslashes. slashed_input - slashes = input The goal of stripslashes is that it will undo what happened automatically using magic_quotes_gpc (which essentially calls addslashes on the GPC vars behind the scenes) so you'll end up with the original input. So, working through your example: 1. You inputted into a form G\\a//r\y\\ and submitted the form. 2. PHP received G\\a//r\y\\ and added slashes (Ga//r\\y). 3. You called stripslashes (G\\a//r\y\\). I added: echo stripslashes($fname); and did get the expected result on the page, but not in the email from the $_POST. Here, you called stripslashes on something already stripped once, so you now have a new value (G\a//ry\). I also tried $fname = (stripslashes($_POST['fname'])); This would be no different than your attempt without enclosing parentheses. Now, let me just say that I detest magic_quotes, and it's best to run with them disabled so you don't even have to worry about this kind of issue (they've been deprecated.) But, perhaps you were just trying to learn about some piece of legacy code. Hope the explanation helps, Gary. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com
Re: [PHP] Stripslashes redundancy question.
On Sun, Oct 24, 2010 at 6:29 PM, Gary gp...@paulgdesigns.com wrote:
In my form processing scripts, I usually have the variable set as so:
$email = stripslashes($_POST['email']);
I have discovered that the program that I use has a pre-written function of
this:
// remove escape characters from POST array
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value) {
$value = is_array($value) ? array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
}
I just put this in a script that I have been using, leaving the original
stripslashes in the variable. The script still works, but is there a
problem
with redundancy, or does one cancel the other out?
Also, which do you think is a better method to use?
Thank you
Gary
__ Information from ESET Smart Security, version of virus signature
database 5560 (20101024) __
The message was checked by ESET Smart Security.
http://www.eset.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Gary,
Calling stripslashes() more than once on the same string can cause issues.
That said, I'd point out that as of PHP 5.3, the use of magic_quotes_gpc()
has been deprecated:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpcThis
was after many criticisms were leveled against the use of magic quotes:
http://en.wikipedia.org/wiki/Magic_quotes
So, my inclination is to turn off magic quotes if they're on by using
php.ini -OR- htaccess (if at all possible) rather than checking if they are
on and strip them if needed.
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
RE: [PHP] Stripslashes
I'm familiar with the .htaccess file and I am told by the hosting company that apache is set up to use it, I've just never used it much - especially for PHP. If this works I'd even like to set an includes file for PHP. Here is the file. # -FrontPage- IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* Limit GET POST order deny,allow deny from all allow from all /Limit Limit PUT DELETE order deny,allow deny from all /Limit AuthName www.site.com AuthUserFile /home/user/public_html/dir/file.pwd AuthGroupFile /home/user/public_html/dir/file.grp php_value magic_quotes_gpc 0 - Thanks -Original Message- From: Larry Garfield [mailto:[EMAIL PROTECTED] Sent: January 15, 2007 12:02 AM To: Beauford; PHP-General Subject: Re: [PHP] Stripslashes Copying this back on list where it belongs... If the apache process on the server is configured to support .htaccess files, then there shouldn't be anything special you need to do. Do you have any other htaccess directives in use that could be affecting it? Remember that it's not htaccess, it's a .htaccess file. Mind the period. On Sunday 14 January 2007 9:56 pm, Beauford wrote: Hi Larry, I'm sending this off list. I put this in the .htaccess file on the hosting server, but still have the same problems. Is there a special way this needs to be done? Thanks Thanks -Original Message- From: Larry Garfield [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 4:39 PM To: php-general@lists.php.net Subject: Re: [PHP] Stripslashes On a real web host, they'll let you have a .htaccess file where you can disable them like so: php_value magic_quotes_gpc 0 (I keep saying real web host because I've just recently had to deal with a few web hosts that a client insisted on that didn't have a standard configuration and didn't support .htaccess files. I lost 6 hours of my life right before Christmas trying to work around that fact, and I can't get them back. If you find yourself in the same situation, vote with your feet and let such hosts die a horrible and bankrupt death.) On Sunday 14 January 2007 10:46 am, Beauford wrote: I just turned off get_magic_quotes in my PHP.ini, but not sure if the hosting company has it on or not once I upload the site. -- Larry GarfieldAIM: LOLG42 [EMAIL PROTECTED] ICQ: 6817012 If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On 1/14/07, Beauford [EMAIL PROTECTED] wrote: I guess I'm just doing something wrong, 'cause that doesn't work either - nor do the hundreds of other snippets I've used. Here's the scenario. I have a form - after they submit the form it shows what they have entered, this is where I get the \. It also does it if the form redisplays after the user has input invalid data. Just a refresher/reminder, and try to make things simple... escape input/output according to the context: if reading a form variable from POST/GET/COOKIES and magic_gpc is on: unescape the vars via stripslashes other wise do nothing if putting a variable, to a db use the databases escape function before passing it to the db if putting it to html, htmlspecialchar() or htmlenties() the variable before displaying it if putting it in a url, urlencode it. if putting it to X, Xencode it. (where X some other output) When following these guidelines you will be able to find the exact area where the problem is. Curt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On 1/15/07, Beauford [EMAIL PROTECTED] wrote: I'm familiar with the .htaccess file and I am told by the hosting company that apache is set up to use it, I've just never used it much - especially for PHP. If this works I'd even like to set an includes file for PHP. Here is the file. # -FrontPage- Ouch. IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* Honestly this is jibber jabberish, it is protection for them not you, and a reason why i dont supply hosting. Limit GET POST order deny,allow deny from all allow from all /Limit Limit PUT DELETE order deny,allow deny from all /Limit AuthName www.site.com AuthUserFile /home/user/public_html/dir/file.pwd AuthGroupFile /home/user/public_html/dir/file.grp As far as i can gather this is what they told you the apache config is for your domain, probably a typical response from the question you asked. php_value magic_quotes_gpc 0 Aha, check this value by making a phpinfo() page, php.net/phpinfo compare global vs local, local means that is what really is being used. HTH, Curt. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stripslashes
I guess I'm just doing something wrong, 'cause that doesn't work either -
nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the form it shows
what they have entered, this is where I get the \. It also does it if the
form redisplays after the user has input invalid data.
All this is being done on the same page.
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have
tried about a hundred different ways of doing this and
nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a
form, and it
appeared as O\'Toole.
Thanks
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST); }
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stripslashes
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I guess I'm just doing something wrong, 'cause that doesn't
work either - nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the
form it shows what they have entered, this is where I get the
\. It also does it if the form redisplays after the user has
input invalid data.
All this is being done on the same page.
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have
tried about a hundred different ways of doing this and
nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a
form, and it
appeared as O\'Toole.
Thanks
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST); }
Jim Lucas
--
PHP General Mailing List (http://www.php.net/) To
unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Beauford wrote:
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I guess I'm just doing something wrong, 'cause that doesn't
work either - nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the
form it shows what they have entered, this is where I get the
\. It also does it if the form redisplays after the user has
input invalid data.
All this is being done on the same page.
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have
tried about a hundred different ways of doing this and
nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a
form, and it
appeared as O\'Toole.
Thanks
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST); }
Jim Lucas
--
PHP General Mailing List (http://www.php.net/) To
unsubscribe, visit: http://www.php.net/unsub.php
do you have a way to look at the data in the DB, if so, look to see if
the back slashes are in the db
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On a real web host, they'll let you have a .htaccess file where you can
disable them like so:
php_value magic_quotes_gpc 0
(I keep saying real web host because I've just recently had to deal with a
few web hosts that a client insisted on that didn't have a standard
configuration and didn't support .htaccess files. I lost 6 hours of my life
right before Christmas trying to work around that fact, and I can't get them
back. If you find yourself in the same situation, vote with your feet and
let such hosts die a horrible and bankrupt death.)
On Sunday 14 January 2007 10:46 am, Beauford wrote:
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I guess I'm just doing something wrong, 'cause that doesn't
work either - nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the
form it shows what they have entered, this is where I get the
\. It also does it if the form redisplays after the user has
input invalid data.
All this is being done on the same page.
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have
tried about a hundred different ways of doing this and
nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a
form, and it
appeared as O\'Toole.
Thanks
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST); }
Jim Lucas
--
PHP General Mailing List (http://www.php.net/) To
unsubscribe, visit: http://www.php.net/unsub.php
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it. -- Thomas
Jefferson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Beauford wrote:
I just turned off get_magic_quotes in my PHP.ini, but not sure if the
hosting company has it on or not once I upload the site.
What do you mean by my PHP.ini file? Are you saying that php is
running as a cgi or as an apache mod?
-Original Message-
From: Beauford [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 11:34 AM
To: 'PHP'
Subject: RE: [PHP] Stripslashes
I guess I'm just doing something wrong, 'cause that doesn't
work either - nor do the hundreds of other snippets I've used.
Here's the scenario. I have a form - after they submit the
form it shows what they have entered, this is where I get the
\. It also does it if the form redisplays after the user has
input invalid data.
All this is being done on the same page.
-Original Message-
From: Jim Lucas [mailto:[EMAIL PROTECTED]
Sent: January 14, 2007 1:02 AM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have
tried about a hundred different ways of doing this and
nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a
form, and it
appeared as O\'Toole.
Thanks
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST); }
Jim Lucas
--
PHP General Mailing List (http://www.php.net/) To
unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Copying this back on list where it belongs... If the apache process on the server is configured to support .htaccess files, then there shouldn't be anything special you need to do. Do you have any other htaccess directives in use that could be affecting it? Remember that it's not htaccess, it's a .htaccess file. Mind the period. On Sunday 14 January 2007 9:56 pm, Beauford wrote: Hi Larry, I'm sending this off list. I put this in the .htaccess file on the hosting server, but still have the same problems. Is there a special way this needs to be done? Thanks Thanks -Original Message- From: Larry Garfield [mailto:[EMAIL PROTECTED] Sent: January 14, 2007 4:39 PM To: php-general@lists.php.net Subject: Re: [PHP] Stripslashes On a real web host, they'll let you have a .htaccess file where you can disable them like so: php_value magic_quotes_gpc 0 (I keep saying real web host because I've just recently had to deal with a few web hosts that a client insisted on that didn't have a standard configuration and didn't support .htaccess files. I lost 6 hours of my life right before Christmas trying to work around that fact, and I can't get them back. If you find yourself in the same situation, vote with your feet and let such hosts die a horrible and bankrupt death.) On Sunday 14 January 2007 10:46 am, Beauford wrote: I just turned off get_magic_quotes in my PHP.ini, but not sure if the hosting company has it on or not once I upload the site. -- Larry Garfield AIM: LOLG42 [EMAIL PROTECTED] ICQ: 6817012 If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it. -- Thomas Jefferson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stripslashes
Hi,
Anyone know how I can strip slashes from $_POST variables. I have tried
about a hundred different ways of doing this and nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a form, and it
appeared as O\'Toole.
Thanks
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Beauford wrote:
Hi,
Anyone know how I can strip slashes from $_POST variables. I have tried
about a hundred different ways of doing this and nothing works.
i.e.
if(!empty($_POST)){
foreach($_POST as $x = $y){
$_POST[$x] = stripslashes($y);
}
}
This came about after someone tried to enter O'Toole in a form, and it
appeared as O\'Toole.
Thanks
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST);
}
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
On Sunday 14 January 2007 12:01 am, Jim Lucas wrote:
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST);
}
Jim Lucas
That will break as soon as you submit an array back through a POST request,
which I do rather often. :-) You need to iterate over the array, and if an
item is an array, iterate over it recursively. array_walk() can be useful
here.
Of course, the real answer is to disable magic quotes in the first place as
they are spawn of Satan. If you're using a web host that doesn't let you do
so, get a real web host.
--
Larry Garfield AIM: LOLG42
[EMAIL PROTECTED] ICQ: 6817012
If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an idea,
which an individual may exclusively possess as long as he keeps it to
himself; but the moment it is divulged, it forces itself into the possession
of every one, and the receiver cannot dispossess himself of it. -- Thomas
Jefferson
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes
Larry Garfield wrote:
On Sunday 14 January 2007 12:01 am, Jim Lucas wrote:
This is what I use, and it has worked ever time.
if ( get_magic_quotes_gpc() ) {
$_POST = array_map(stripslashes, $_POST);
}
Jim Lucas
That will break as soon as you submit an array back through a POST request,
which I do rather often. :-) You need to iterate over the array, and if an
item is an array, iterate over it recursively. array_walk() can be useful
here.
Of course, the real answer is to disable magic quotes in the first place as
they are spawn of Satan. If you're using a web host that doesn't let you do
so, get a real web host.
Had to think about that one and test, but you are right.
Up until this point, I have not had a project that I had to submit
arrays via POST. Just happens that next week, I would have started my
first project that does require me to submit via POST with arrays and I
would have found it then, but anyways, it is fixed now.
on my dev server I have PHP 4.3.11 so I had to build my own work around
for array_walk_recursive, since it is only in PHP5 and newer :(
I am pretty sure that it does what the function does in PHP5
Try this
plaintext?PHP
//stripslashes test
function array_walk_recursive($a, $b, $c=null) {
foreach ( $a AS $k = $v ) {
if ( is_array($v) ) {
array_walk_recursive($v, $b, $c);
$a[$k] = $v;
} else {
$a[$k] = $b($v, $k, $c);
}
}
return true;
}
function my_stripslashes($a, $b, $c='') {
return stripslashes($a);
}
$data[] = addslashes(Jim's new list);
$data[] = addslashes(Tom's new list);
$data[] = array(addslashes(bill's), addslashes(Tracy's));
var_dump($data);
array_walk_recursive($data, my_stripslashes);
var_dump($data);
?
Jim Lucas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stripslashes() when reading from the DB
Hi,
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I'd like to know, if I can do stripslashes() directly, as it is suposed
that all data was inserted into DB after slashing the vars. I mean,
should I check or not before if magic_quotes_gpc are on ?
As I know, magic_quotes_gpc has nothing to do with info readed from the
DB, as it only affects Get/Post/Cookie values.
I think to make a check like this:
$result = mysql_query(SELECT );
$row = mysql_fetch_assoc($result);
foreach ($row as $key = $value) {
$row[$key] = stripslashes($value);
}
But not sure if it really necessary, as i'm getting some confusing results.
Any help will be welcome
Regards,
Jordi.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes() when reading from the DB
On Mon, 12 Jul 2004 20:45:12 +0200, Jordi Canals [EMAIL PROTECTED] wrote:
Hi,
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I'd like to know, if I can do stripslashes() directly, as it is suposed
that all data was inserted into DB after slashing the vars. I mean,
should I check or not before if magic_quotes_gpc are on ?
As I know, magic_quotes_gpc has nothing to do with info readed from the
DB, as it only affects Get/Post/Cookie values.
I think to make a check like this:
$result = mysql_query(SELECT );
$row = mysql_fetch_assoc($result);
foreach ($row as $key = $value) {
$row[$key] = stripslashes($value);
}
But not sure if it really necessary, as i'm getting some confusing results.
What you *should* be doing is check for magic quotes when inserting into the DB.
if(!get_magic_quotes_gpc()) {
$value = mysql_real_escape_string($value);
}
$query = 'INSERT INTO table (field) VALUES ('.$value.')';
mysql_query($query);
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes() when reading from the DB
I usually stripslashes() when I read the info from the database (MySQL).
Because the information was inserted after adding slashes, or the
system has magic_quotes_gpc set to ON.
I'd like to know, if I can do stripslashes() directly, as it is suposed
that all data was inserted into DB after slashing the vars. I mean,
should I check or not before if magic_quotes_gpc are on ?
As I know, magic_quotes_gpc has nothing to do with info readed from the
DB, as it only affects Get/Post/Cookie values.
I think to make a check like this:
$result = mysql_query(SELECT );
$row = mysql_fetch_assoc($result);
foreach ($row as $key = $value) {
$row[$key] = stripslashes($value);
}
But not sure if it really necessary, as i'm getting some confusing results.
What you *should* be doing is check for magic quotes when inserting into the DB.
if(!get_magic_quotes_gpc()) {
$value = mysql_real_escape_string($value);
}
$query = 'INSERT INTO table (field) VALUES ('.$value.')';
mysql_query($query);
To add further comment. If you're required to run stripslashes() on
data coming out of your database then you did something wrong. Your
code would have essentially looked like the following before insertion:
$var = addslashes(addslashes($var));
Where 'magic_quotes_gpc = on' essentially executed one of those
addslashes(). The above use of get_magic_quotes_gpc() shows you
how to add slashes just once thus not having a bunch of \' type
badness inside your database. Remember backslashes are only
added to make proper strings for db insertion so the backslashes
should never actually make it into the database.
Regards,
Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes() when reading from the DB
Jordi Canals wrote: I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. I remember being taught this lesson long ago. :) You do not need to strip slashes from the data being read from the database. If you find yourself having to do that, then you're escaping the data twice before it's inserted. You more than likely have magic_quotes_gpc enabled which escapes all incoming GET, POST and COOKIE data and then you are running addslashes() yourself. You should check the magic_quotes setting with get_magic_quotes_gpc() and then determine if you need to use addslashes or mysql_real_escape_string(). -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes() when reading from the DB
Philip Olson wrote: I usually stripslashes() when I read the info from the database (MySQL). Because the information was inserted after adding slashes, or the system has magic_quotes_gpc set to ON. To add further comment. If you're required to run stripslashes() on data coming out of your database then you did something wrong. Your code would have essentially looked like the following before insertion: Wow, here where just my mistake :p I have magic_quotes_gpc at ON and I do not use addslashes. I use a custom .htaccess file to ensure magic_quotes_gpc are ON ... But in a class used to create the forms, there is a striplashes(), so the extrange I've seen. Removed stripslashes from the function, solved the problem. Just have to work to see how manage the form when data comes from a previos post (Which have slashes) or comes from DB (Which have NOT). Thanks to all to help me to clarify this point. Jordi. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] stripslashes()
I need to stripslashes() practically every $value as I pass data from
one
submit to another.
L\'apprentissage d\'une langue ...
Instead of doing it to every $value, someone showed me once something
I
could add something to the beginning of my script. It was some type of
code on a post_var that turned off the addslashes on every $value.
Anyone
have an idea of what I'm talking about?
Either turn off magic_quotes_gpc in php.ini or an .htaccess file or do
something like this:
Foreach($_GET as $key = $value)
{ $_GET[$key] = stripslashes($value); }
and the same for $_POST, etc.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stripslashes()
I need to stripslashes() practically every $value as I pass data from one submit to another. L\'apprentissage d\'une langue ... Instead of doing it to every $value, someone showed me once something I could add something to the beginning of my script. It was some type of code on a post_var that turned off the addslashes on every $value. Anyone have an idea of what I'm talking about? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
You could write a function like strippostslashes() that is called on everypage that access the $_POST or $_GET variables... -- Ray On Sat, 2003-03-08 at 23:29, John Taylor-Johnston wrote: I need to stripslashes() practically every $value as I pass data from one submit to another. L\'apprentissage d\'une langue ... Instead of doing it to every $value, someone showed me once something I could add something to the beginning of my script. It was some type of code on a post_var that turned off the addslashes on every $value. Anyone have an idea of what I'm talking about? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
Try this (untestted):
if(get_magic_quotes_gpc()){
foreach($_REQUEST as $vname = $value){
$$vname = stripslashes($vname);
}
}
John Taylor-Johnston wrote:
I need to stripslashes() practically every $value as I pass data from one submit to another.
L\'apprentissage d\'une langue ...
Instead of doing it to every $value, someone showed me once something I could add something to the beginning of my script. It was some type of code on a post_var that turned off the addslashes on every $value. Anyone have an idea of what I'm talking about?
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt
to decrypt it will be prosecuted to the full extent of the law.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stripslashes()
I know this is probably an easy question, but I am using stripslashes() on a textarea var, and I don't think it's working. It doesn't error, but in the testarea it doesn't seem to work. Ex: $var = Thank's; $var = stripslashes($var); echo $var; Output = Thank\'s Any ideas? Thanx. -Dade __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
At 01:48 02.03.2003, Dade Register said: [snip] I know this is probably an easy question, but I am using stripslashes() on a textarea var, and I don't think it's working. It doesn't error, but in the testarea it doesn't seem to work. Ex: $var = Thank's; $var = stripslashes($var); echo $var; Output = Thank\'s [snip] This can't work since there are no slashes to strip... stripslashes() strips certain slashes from a string. Assume you have a textarea where the user enters Thank's, so PHP converts this to Thank\'s (assuming magic_quotes is set to on). Using stripslashes() here will get rid of these slashes. BTW - the sample you've sent will output Thank's - what are you doing what you didn't show? -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
Well, only diff is it's a POST from a textarea. With magicquotes on, you're right, it makes Thank's become Thank\'s. how can I get rid of that? I'm posting it to a text file. -Dade --- Ernest E Vogelsinger [EMAIL PROTECTED] wrote: At 01:48 02.03.2003, Dade Register said: [snip] I know this is probably an easy question, but I am using stripslashes() on a textarea var, and I don't think it's working. It doesn't error, but in the testarea it doesn't seem to work. Ex: $var = Thank's; $var = stripslashes($var); echo $var; Output = Thank\'s [snip] This can't work since there are no slashes to strip... stripslashes() strips certain slashes from a string. Assume you have a textarea where the user enters Thank's, so PHP converts this to Thank\'s (assuming magic_quotes is set to on). Using stripslashes() here will get rid of these slashes. BTW - the sample you've sent will output Thank's - what are you doing what you didn't show? -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
At 02:05 02.03.2003, Dade Register said: [snip] Well, only diff is it's a POST from a textarea. With magicquotes on, you're right, it makes Thank's become Thank\'s. how can I get rid of that? I'm posting it to a text file. [snip] Use stripslashes(). Try this example: ?php $var = $_REQUEST['blah']; echo 'xmp$REQUEST[\'blah\']: ', $var, \\n; $var = stripslashes($var); echo 'stripslashe\'d: ', $var, '/xmp'; echo 'form method=post', 'textarea name=blah', $var, '/textareabr /', 'input type=submit/form'; ? You will notice the textarea transmits Thank\'s which is displayed in the first line, and stripslashes() removes the backslash and displays Thank's. Note that you also must use the stripslashe'd data when constructing the textarea. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
I know I am doing the exact thing you are If you or someone else doesn't mind, could you look @ http://dragonz-cavern.mine.nu/poems.phps and see what I'm doing wrong? I am trying to parse it before it gets stored in my txt file. plz help. I'd really appreciate it. -Dade --- Ernest E Vogelsinger [EMAIL PROTECTED] wrote: At 02:05 02.03.2003, Dade Register said: [snip] Well, only diff is it's a POST from a textarea. With magicquotes on, you're right, it makes Thank's become Thank\'s. how can I get rid of that? I'm posting it to a text file. [snip] Use stripslashes(). Try this example: ?php $var = $_REQUEST['blah']; echo 'xmp$REQUEST[\'blah\']: ', $var, \\n; $var = stripslashes($var); echo 'stripslashe\'d: ', $var, '/xmp'; echo 'form method=post', 'textarea name=blah', $var, '/textareabr /', 'input type=submit/form'; ? You will notice the textarea transmits Thank\'s which is displayed in the first line, and stripslashes() removes the backslash and displays Thank's. Note that you also must use the stripslashe'd data when constructing the textarea. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
At 03:37 02.03.2003, Dade Register said: [snip] I know I am doing the exact thing you are If you or someone else doesn't mind, could you look @ http://dragonz-cavern.mine.nu/poems.phps and see what I'm doing wrong? I am trying to parse it before it gets stored in my txt file. plz help. I'd really appreciate it. [snip] You're doing everything right. If you have a look at the datfile you'll notice there are NO backslashes. Right? Ok, so the culprit must be fgets() - and indeed this can be found in the online manual (http://www.php.net/manual/en/function.fgets.php), in the user comments: php at silisoftware dot com 13-Jun-2002 06:44 Beware of magic_quotes_runtime ! php.ini-recommended for PHP v4.2.1 (Windows) had magic_quotes_runtime set ON, and that addslash'd all input read via fgets() So the solution here is to either add stripslashes() after your datfile read, or to use set_magic_quotes_runtime(0) (see http://www.php.net/manual/en/function.set-magic-quotes-runtime.php). -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
Thanx a lot for your help. It adds to the .dat file. it's not fgets(). Dade [EMAIL PROTECTED]'s That's from the dat file. any other ideas? -Dade --- Ernest E Vogelsinger [EMAIL PROTECTED] wrote: At 03:37 02.03.2003, Dade Register said: [snip] I know I am doing the exact thing you are If you or someone else doesn't mind, could you look @ http://dragonz-cavern.mine.nu/poems.phps and see what I'm doing wrong? I am trying to parse it before it gets stored in my txt file. plz help. I'd really appreciate it. [snip] You're doing everything right. If you have a look at the datfile you'll notice there are NO backslashes. Right? Ok, so the culprit must be fgets() - and indeed this can be found in the online manual (http://www.php.net/manual/en/function.fgets.php), in the user comments: php at silisoftware dot com 13-Jun-2002 06:44 Beware of magic_quotes_runtime ! php.ini-recommended for PHP v4.2.1 (Windows) had magic_quotes_runtime set ON, and that addslash'd all input read via fgets() So the solution here is to either add stripslashes() after your datfile read, or to use set_magic_quotes_runtime(0) (see http://www.php.net/manual/en/function.set-magic-quotes-runtime.php). -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes()
At 04:03 02.03.2003, Dade Register said: [snip] Thanx a lot for your help. It adds to the .dat file. it's not fgets(). Dade [EMAIL PROTECTED]'s That's from the dat file. any other ideas? [snip] add this line vefore and after stripslashes() and see what you get: echo 'xmp', $poem, '/xmp'; If I type I've set it up it should read I\'ve set it up I've set it up or your stripslashes is not working. -- O Ernest E. Vogelsinger (\)ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stripslashes and quoted material
Hey all. I noticed a string containing slashes was breaking some code
of mine on an w2k/IIS box running php 4.2.3.
For example -
a href=\http://www.apache.org/\; target=\_blank\
When trying to apply stripslashes, the slashes remained. So I applied
str_replace('\', '', $var) and that worked.
Any idea as to why stripslashes would not remove the slashes in the string?
Thanks for any input.
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes and quoted material
On Wed, 8 Jan 2003, Gerard Samuel wrote:
a href=\http://www.apache.org/\; target=\_blank\
When trying to apply stripslashes, the slashes remained. So I applied
str_replace('\', '', $var) and that worked.
Any idea as to why stripslashes would not remove the slashes in the string?
stripslashes() will unescape single-quotes if magic_quotes_runtime = Off
in your php.ini. If you have magic_quotes_runtime = On, then it will also
unescape double-quotes (and backslashes and NULLs).
~Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] stripslashes and quoted material
I figured out the problem. magic_quotes_sybase was turned on, on the
IIS box.
All is well with stripslashes() again.
Chris Wesley wrote:
On Wed, 8 Jan 2003, Gerard Samuel wrote:
a href=\http://www.apache.org/\; target=\_blank\
When trying to apply stripslashes, the slashes remained. So I applied
str_replace('\', '', $var) and that worked.
Any idea as to why stripslashes would not remove the slashes in the string?
stripslashes() will unescape single-quotes if magic_quotes_runtime = Off
in your php.ini. If you have magic_quotes_runtime = On, then it will also
unescape double-quotes (and backslashes and NULLs).
~Chris
--
Gerard Samuel
http://www.trini0.org:81/
http://dev.trini0.org:81/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stripslashes through an array.........
Hi all is it possible to stripslahes from this query?
$results = mysql_query(SELECT * FROM $DB_Table_A ORDER BY name ASC LIMIT
$page, $limit);
while ($data = (mysql_fetch_array($results)))
{
//-- something here would be nice
}
Thanks..
Regards
R
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes through an array.........
On Sunday 24 November 2002 20:30, Cookra wrote:
Hi all is it possible to stripslahes from this query?
$results = mysql_query(SELECT * FROM $DB_Table_A ORDER BY name ASC LIMIT
$page, $limit);
while ($data = (mysql_fetch_array($results)))
{
//-- something here would be nice
}
Usually, it's not necessary to use stripslashes() on data retrieved from a db.
But if you insist ...
foreach ($data as $key = $value) {
$data[$key] = stripslashes($value);
}
... should work.
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
/*
spagmumps, n.:
Any of the millions of Styrofoam wads that accompany mail-order items.
-- Sniglets, Rich Hall Friends
*/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] StripSlashes Problem
I use the following php code to build a dynamic table retrieving values from a MySQL databases that have been inserted with slashes added - echo td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='.StripSlashes(mysql_result($badgedetails, $i, 'descr')).' tabindex='1'//td; The problem is, if the value to be displayed is for example O'Neill, then the output will look something like - td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='O'Neill' tabindex='1'//td Quite correctly, when this page is rendered, all that will be displayed is O as the apostrophe after the O will be treated as a closing parenthesis. I understand AddSlashes and StripSlashes but how can I utilise them to resolve this issue. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] StripSlashes Problem
I use the following php code to build a dynamic table retrieving values from a MySQL databases that have been inserted with slashes added - echo td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='.StripSlashes(mysql_result($badgedetails, $i, 'descr')).' tabindex='1'//td; The problem is, if the value to be displayed is for example O'Neill, then the output will look something like - td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='O'Neill' tabindex='1'//td Quite correctly, when this page is rendered, all that will be displayed is O as the apostrophe after the O will be treated as a closing parenthesis. I understand AddSlashes and StripSlashes but how can I utilise them to resolve this issue. HTML doesn't understand that a slash means to escape a character. What you need to do is use htmlentities() or htmlspecialchars() on the data before you place it between your quotes. echo td width='100'input name='descr' type='text' size='45' maxlength='20' readonly value='.htmlentities(mysql_result($badgedetails, $i, 'descr')).' tabindex='1'//td; Note: You should not have to be doing stripslashes() on data coming from your database unless magic_quotes_runtime is ON. If your data is coming out with slashes in it, or you can SEE the slashes in the actual data in the database, then you are calling addslashes() twice on your data somehow. I also kind of question why you have mysql_result in there. It's faster to use the mysql_fetch_* functions... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] StripSlashes Problem
John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add slashes twice? Are they being added automatically somewhere as a result of a setting in the php.ini file? With regards to my use of mysql_result as opposed to mysql_fetch_* functions, I was ignorant of the performance hit and I will now re think around my database code. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] StripSlashes Problem
If magic_quotes_gpc is ON, then the data is getting addslashes() automatically on a form submission. If you are doing it again, that's where the problem is. ---John Holmes... - Original Message - From: Mark Colvin [EMAIL PROTECTED] To: '1LT John W. Holmes' [EMAIL PROTECTED] Cc: Php (E-mail) [EMAIL PROTECTED] Sent: Friday, August 02, 2002 6:37 AM Subject: RE: [PHP] StripSlashes Problem John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add slashes twice? Are they being added automatically somewhere as a result of a setting in the php.ini file? With regards to my use of mysql_result as opposed to mysql_fetch_* functions, I was ignorant of the performance hit and I will now re think around my database code. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] StripSlashes Problem
I would suggest you rather do the following ( over and above the htmlentities as already suggested ) In stead of doing echo html with single='quotes'; to rather echo 'html with double=quotes'; The reason is; there is a difference between echo 'stuff' ; and echo stuff; The first (single quotes) is treated as literal content, ie, PHP justs echo's, does no parsing, while the double-quotes means PHP will look at the content between the quotes and parse any variables etc. So, if you are not echoing anything that needs to be parsed, use single quotes. eg. ?php $var = 'testing'; echo '$varbr'; echo $varbr; ? produses: $var testing It just saves on overhead, and in your case, you would not have run into this problem... Mark Colvin wrote: John, Thank you for your reply. My magic_quotes_runtime is set to 'Off'. As you said, I shouldn't have to use StripSlashes but would I still need to use AddSlashes when inserting/updating? I can see the slashes in the database when I look at the tables but I am fairly sure that I do not add slashes twice? Are they being added automatically somewhere as a result of a setting in the php.ini file? With regards to my use of mysql_result as opposed to mysql_fetch_* functions, I was ignorant of the performance hit and I will now re think around my database code. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] StripSlashes Problem
John, Thank you. This solves the problem. Petre, Thank you for your reply. I wasn't aware of the difference and will bear this in mind. This e-mail is intended for the recipient only and may contain confidential information. If you are not the intended recipient then you should reply to the sender and take no further ation based upon the content of the message. Internet e-mails are not necessarily secure and CCM Limited does not accept any responsibility for changes made to this message. Although checks have been made to ensure this message and any attchments are free from viruses the recipient should ensure that this is the case. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stripslashes help
I have a script which emails users from a website form, I have just run the script and got the following in the email A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail message with one of 120 possible subject lines. There are 18 different standard subject headings, including \\\let\\ I have fixed this with stripslashes() but problem I am having is that If a ( ' ) is used in the email and I loose what ever is after ' Running php4.1.2 apache 2.0.36 RH 7.3 My script is $emailbody = stripslashes($_POST[body]); $emailbody = stripslashes($emailbody); $emailsub = stripslashes($_POST[subject]); $emailsub = stripslashes($emailsub); $message = To: From: x Subject: [] x - $emailsub BCC: ; $message .= \n$emailbody; $message .= \n -- ; In the form I typed This is a test this is a 'test' And what I got in the email was This is a test this is a Has anyone a few pointers as to what I am missing... Regards in advance --- Chris Kay Technical Support - Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: (02) 9970 5788 Address: Suite 13, 5 Vuko Place, Warriewood, NSW 2102 Platinum Channel Partner of the Year - Request DSL - Broadband for Business --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes help
Chris (nice name),
Chris Kay wrote:
A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail
Anytime you see three backslashes in a row, the likely case is the
addslashes() has been performed twice. For example, the following two
iterations:
1. The Klez - \The Klez\
2. \The Klez\ - \\\The Klez\\\ (the \ is escaped as \\ and the is
escaped as \)
If your php.ini specifies that magic quotes are on, then that is likely
the reason for one execution of stripslashes() that you might be
overlooking. Otherwise, check your code carefully to ensure that you
know when data has been escaped. A good habit is to use a strict naming
convention to help you:
$clean_data=stripslashes($data);
I have fixed this with stripslashes() but problem I am having is that
If a ( ' ) is used in the email and I loose what ever is after '
When you store this in the database, the single quote terminates the
literal string:
$data=It's hot in Memphis!;
$sql_statement=insert into quotes values('$data');;
echo $sql_statement;
This will give you:
insert into quotes values ('It's hot in Memphis!);
As you can see, your string only consists of It at this point.
$emailbody = stripslashes($_POST[body]);
$emailbody = stripslashes($emailbody);
Well, here's where you're executing stripslashes() twice. See above.
My suggestion is to not try to get your message into a variable that can
be used in an SQL query and be sent in an email. You want these to use
two different formats. For the email, leave the single quotes as they
are; you don't want to see the escaped quotes. For inserting into the
database, make sure they are escaped with stripslashes().
Happy hacking.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stripslashes help
Chris (or should I be addressing Chris :) )
Chris S - I think you're confusing stripslashes w/ addslashes, but
everything else I'm an agreement w/.
Chris K - Somewhere you've got addslashes twice. As mentioned, one of those
might be in your php.ini file. That's why you need to stripslashes()
twice...
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 09, 2002 1:54 PM
To: Chris Kay
Cc: PHP General List
Subject: Re: [PHP] Stripslashes help
Chris (nice name),
Chris Kay wrote:
A worm of many subjects \\\The Klez\\\ worm arrives in an e-mail
Anytime you see three backslashes in a row, the likely case is the
addslashes() has been performed twice. For example, the following two
iterations:
1. The Klez - \The Klez\
2. \The Klez\ - \\\The Klez\\\ (the \ is escaped as \\ and the is
escaped as \)
If your php.ini specifies that magic quotes are on, then that is likely
the reason for one execution of stripslashes() that you might be
overlooking. Otherwise, check your code carefully to ensure that you
know when data has been escaped. A good habit is to use a strict naming
convention to help you:
$clean_data=stripslashes($data);
I have fixed this with stripslashes() but problem I am having is that
If a ( ' ) is used in the email and I loose what ever is after '
When you store this in the database, the single quote terminates the
literal string:
$data=It's hot in Memphis!;
$sql_statement=insert into quotes values('$data');;
echo $sql_statement;
This will give you:
insert into quotes values ('It's hot in Memphis!);
As you can see, your string only consists of It at this point.
$emailbody = stripslashes($_POST[body]);
$emailbody = stripslashes($emailbody);
Well, here's where you're executing stripslashes() twice. See above.
My suggestion is to not try to get your message into a variable that can
be used in an SQL query and be sent in an email. You want these to use
two different formats. For the email, leave the single quotes as they
are; you don't want to see the escaped quotes. For inserting into the
database, make sure they are escaped with stripslashes().
Happy hacking.
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Stripslashes help
Martin Towell wrote: Chris S - I think you're confusing stripslashes w/ addslashes, but everything else I'm an agreement w/. You're absolutely right. *blush* Chris K - Ignore my last paragraph, and everything else should make at least partial sense. :-) Ignore this: Well, here's where you're executing stripslashes() twice. See above. My suggestion is to not try to get your message into a variable that can be used in an SQL query and be sent in an email. You want these to use two different formats. For the email, leave the single quotes as they are; you don't want to see the escaped quotes. For inserting into the database, make sure they are escaped with stripslashes(). Happy hacking. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Stripslashes addslashes question ...
Have you echo'd the variables before the addslashes() call, to be sure that
the stripslashes() call is being executed?
Kirk
-Original Message-
From: John Kelly [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 23, 2002 12:59 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Stripslashes addslashes question ...
Hi, can someone tell me why the following results in
evaluated variables
with 2 slashes in front of apostrophys instead of one and how
I can modify
it to only add 1? Thanks!
foreach($_POST as $k=$v){
if (get_magic_quotes_gpc()){
$_POST[$k] = stripslashes($v);
}
$_POST[$k] = addslashes($v);
eval( \$$k = \$_POST[$k]\; );
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Stripslashes addslashes question ...
Hi, can someone tell me why the following results in evaluated variables
with 2 slashes in front of apostrophys instead of one and how I can modify
it to only add 1? Thanks!
foreach($_POST as $k=$v){
if (get_magic_quotes_gpc()){
$_POST[$k] = stripslashes($v);
}
$_POST[$k] = addslashes($v);
eval( \$$k = \$_POST[$k]\; );
}
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/02
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] stripslashes in web forms
Here is the ideea i have a string variable $test that contains let's say : 17 Normally the output on the screen of this string would be echo $test; --- 17 \ There is this function stripslashes which gives me the oportunity to output exactly what i want i mean 17 but this doesnt seem to work in an input box in a web form it outputs only 17 and somehow misses the What is there to do? Thanks in advance Claus -- PHP General Mailing List (http://wwwphpnet/) To unsubscribe, visit: http://wwwphpnet/unsubphp
RE: [PHP] stripslashes in web forms
This should do it: ? $test = 17\ blah; $test = stripslashes($test); ? input type=text name=test value=?=htmlspecialchars($test)? Niklas -Original Message- From: Claudiu [mailto:[EMAIL PROTECTED]] Sent: 4. maaliskuuta 2002 11:56 To: [EMAIL PROTECTED] Subject: [PHP] stripslashes in web forms Here is the ideea.. i have a string variable $test that contains let's say : 17 Normally the output on the screen of this string would be echo $test; --- 17 \ There is this function stripslashes which gives me the oportunity to output exactly what i want... i mean 17 .. .but this doesnt seem to work in an input box in a web form... it outputs only 17 and somehow misses the ... What is there to do? Thanks in advance.. Claus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] StripSlashes() quotes in text boxes
Hi, I have had a few problems retrieving MySql entries that contain quote marks. Slashes have been added before storing an item description such as: 17 SVGA Monitor. They've been removed before display too - and the description appears correctly on a page except when displaying in a text box (for an administrator to edit the item description. When displayed in a text box the description just shows 17. The only solution I can find is to swap the quote marks for quot; when storing the item initially and when any update has been submitted by the user. Is this the best way, and are there any other characters waiting to cause the same problem that I don't know about yet? Thanks, Robert MacCombe -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] StripSlashes() quotes in text boxes
Hi Robert, administrator to edit the item description. When displayed in a text box the description just shows 17. The only solution I can find is to swap the quote marks for quot; when storing the item initially you can use htmlspecialchars() function to convet all the html chars. The issue is, when do you convert it, either when you want to display them on browser, or when user INSERT/UPDATE. I think it's better to convert it only when displaying to the browser. so in the DB, the data is still stored as it is, because you might want to display the data somewhere else other than browser, for example email or printing. -- Jimmy All work and no pay makes a housewife. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] stripslashes() not striping slashes
Actually, After coding with PHP since the days me and bourbon shared a cube at Netvision while he developed php3 I think that's something I would know :) The funny issue is that only if I use double stripslashes does it work. e.g. $str = stripslashes($str); // This will NOT do the job. $str = stripslashes(stripslashes($str)); // This will do the job. This is the 1st time ever that I bumped into such a thing... any idea why? Any chance it has to do with the fact that I'm using HTML DIR=RTL ? berber -Original Message- From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 25, 2001 6:01 PM To: Boaz Yahav Cc: PHP General (E-mail) Subject: Re: [PHP] stripslashes() not striping slashes Anyone has an idea why stripslashes(); doesn't strip slashes? I have a form that when it's submitted with a ' sign ads slashes to the submit results. I'm taking the variable and sending it through stripslashes(); and yet the slashes remain. You are perhaps thinking it does in-place modification of the argument? ie. stripslashes($a); echo $a; That's not how it works. It returns the stripped string. ie. $a = stripslashes($a); echo $a; -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] stripslashes() not striping slashes
Anyone has an idea why stripslashes(); doesn't strip slashes? I have a form that when it's submitted with a ' sign ads slashes to the submit results. I'm taking the variable and sending it through stripslashes(); and yet the slashes remain. NE1? berber -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] stripslashes() not striping slashes
Anyone has an idea why stripslashes(); doesn't strip slashes? I have a form that when it's submitted with a ' sign ads slashes to the submit results. I'm taking the variable and sending it through stripslashes(); and yet the slashes remain. You are perhaps thinking it does in-place modification of the argument? ie. stripslashes($a); echo $a; That's not how it works. It returns the stripped string. ie. $a = stripslashes($a); echo $a; -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] stripslashes
Hi all,
if i have an array that is fetching the result to be display
example,
for ($i =1; $i=sybase_num_rows($result); $i++){
$row =sybase_fetch_array($result);
$row[product]
a href=solution.php?id=$row[prob_title]$row[prob_title]/a
$row[description]$row[solution]
where would i put the stripslashes function to get the description?
...
I have tried up and down, but unfortunately am still learning php,
sorry,
Caleb Carvalho
Application Engineer
LoadRunner/APM
-
Enterprise Testing and Performance Management Solutions
-
Mercury Interactive
410 Frimley Business Park
Frimley, Surrey. GU16 7ST
United Kingdom
Telephone : +44 (0)1276 808300
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] stripslashes
Caleb Carvalho [EMAIL PROTECTED] wrote:
if i have an array that is fetching the result to be display
example,
for ($i =1; $i=sybase_num_rows($result); $i++){
$row =sybase_fetch_array($result);
$row[product]
a href=solution.php?id=$row[prob_title]$row[prob_title]/a
$row[description]$row[solution]
where would i put the stripslashes function to get the description?
$var = $row[product] . 'a href=solution.php?id=' . $row[prob_title] . '' .
$row[prob_title] .
'/a' . stripslashes( $row[description] ) . $row[solution];
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] stripslashes
Steve,
Thank you very much,
i will try it now..
Caleb Carvalho
Application Engineer
LoadRunner/APM
-
Enterprise Testing and Performance Management Solutions
-
Mercury Interactive
410 Frimley Business Park
Frimley, Surrey. GU16 7ST
United Kingdom
Telephone : +44 (0)1276 808300
From: Steve Werby [EMAIL PROTECTED]
To: Caleb Carvalho [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PHP] stripslashes
Date: Thu, 4 Oct 2001 10:47:27 -0400
Caleb Carvalho [EMAIL PROTECTED] wrote:
if i have an array that is fetching the result to be display
example,
for ($i =1; $i=sybase_num_rows($result); $i++){
$row =sybase_fetch_array($result);
$row[product]
a href=solution.php?id=$row[prob_title]$row[prob_title]/a
$row[description]$row[solution]
where would i put the stripslashes function to get the description?
$var = $row[product] . 'a href=solution.php?id=' . $row[prob_title] . ''
.
$row[prob_title] .
'/a' . stripslashes( $row[description] ) . $row[solution];
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] stripslashes strips too much
hi all, i am experiencing a bit of a problem with stripslashes stripping too much data. For example: it will strip abc's - abc has anyone else experienced this? is there a solution? many thanks in advance, christian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] stripslashes strips too much
I 've got the same problem on many scripts using mysql and forms ... it's hard to handle the ' character.. i'd like some advices too !!! (°-Nayco, //\[EMAIL PROTECTED] v_/_ http://nayco.free.fr - Original Message - From: Christian Haines [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 11, 2001 9:53 AM Subject: [PHP] stripslashes strips too much hi all, i am experiencing a bit of a problem with stripslashes stripping too much data. For example: it will strip abc's - abc has anyone else experienced this? is there a solution? many thanks in advance, christian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Stripslashes question.
Hi all, What will be the way to convert binary information into a string which will get into an SQL query for MySQL? I tried stripcslashes but I got stucked with it. Any help? Thanks in advance. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Stripslashes question.
try addslashes instead. You might have better luck. - Original Message - From: Sean C. McCarthy [EMAIL PROTECTED] To: PHP General List [EMAIL PROTECTED] Sent: Monday, September 10, 2001 2:42 PM Subject: [PHP] Stripslashes question. Hi all, What will be the way to convert binary information into a string which will get into an SQL query for MySQL? I tried stripcslashes but I got stucked with it. Any help? Thanks in advance. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Stripslashes question.
So sprach »Sean C. McCarthy« am 2001-09-10 um 22:42:51 +0100 : Hi all, What will be the way to convert binary information into a string which will get into an SQL query for MySQL? I tried stripcslashes but I got stucked with it. Any help? Wrong direction :) addslashes($binary) will enable you to put it in a SQL query. Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die günstige Art an Linux Distributionen zu kommen Uptime: 16 hours 41 minutes -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Stripslashes question.
Hi, Didn't help. I tried it before that is why I tried with addcslashes. What I have done so far is : I have cmp'ed the file before adding slashes and after and it seems that it is eating up the \. Like Pñ\#as renders as Pñ#as after stripingslashes but in the DB is Pñ\\#as. As far as I know it should have converted back from \\ to a single \. By the way I am running 4.0.3pl1 Linux Thanks. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) Jason Bell wrote: try addslashes instead. You might have better luck. - Original Message - From: Sean C. McCarthy [EMAIL PROTECTED] To: PHP General List [EMAIL PROTECTED] Sent: Monday, September 10, 2001 2:42 PM Subject: [PHP] Stripslashes question. Hi all, What will be the way to convert binary information into a string which will get into an SQL query for MySQL? I tried stripcslashes but I got stucked with it. Any help? Thanks in advance. Sean C. McCarthy SCI, S.L. (www.sci-spain.com) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] stripslashes
Hi, Could someone give me an example of using stripslashes with echo and one with .msg in a mail function. TIA Gary -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] stripslashes
On Wed, 5 Sep 2001 11:20, Gary wrote: Hi, Could someone give me an example of using stripslashes with echo and echo stripslashes($variable_to_strip_slashes_from); one with .msg in a mail function. Not quite sure what you mean by this? -- David Robley Techno-JoaT, Web Maintainer, Mail List Admin, etc CENTRE FOR INJURY STUDIES Flinders University, SOUTH AUSTRALIA No sense being pessimistic. It wouldn't work anyway. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] StripSlashes
On Thursday 10 May 2001 22:11, Sterling wrote:
H-
I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS.
I found the $string = stripslashes($string); command.
But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes line.
If you set magig_quotes_gpc = off in your php.ini you don't need the
stripslashes anymore (just make sure that you use addslashes () on the
data before inserting it into the database).
Which I am currently doing in a function.
So I have two situations.
One:
function scrub_slashes(){
$email = stripslashes($email);
$first_name = stripslashes(first_name);
My method for reading POST data:
/*
* Get variable name from POST request
* Automatically strips slashes when needed
*/
function pbGetPOST ($Name)
{
global $HTTP_POST_VARS;
if (isset ($HTTP_POST_VARS[$Name])) {
if (get_magic_quotes_gpc ()
is_string ($HTTP_POST_VARS[$Name]))
return stripslashes ($HTTP_POST_VARS[$Name]);
else
return $HTTP_POST_VARS[$Name];
}
else
{
return ;
}
}
function GetFormData ()
{
$email = pbGetPOST ('email');
$first_name = pbGetPOST ('first_name');
...
}
I'm not sure if I'm doing this function correctly. From what I
understand I think I need to pass each variable to the function; which
would negate the speedyness of my typing which is what I'm going for
anyway.
function scrub_slashes($email, $first_name, etc){ CODE }
and it'd be called like so $scrub_error = scrub_slashes($email,
$first_name, etc)
Hmm, I think someone else answered that already. But another thing I miss
in your code is the use of 'global' (See
http://php.net/manual/en/language.variables.scope.php)
--
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)
CPU not found. retry, abort, ignore?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] StripSlashes
H-
I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS.
I found the $string = stripslashes($string); command.
But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes line.
Which I am currently doing in a function.
So I have two situations.
One:
function scrub_slashes(){
$email = stripslashes($email);
$first_name = stripslashes(first_name);
$last_name = stripslashes($last_name);
$street1 = stripslashes($street1);
$street2 = stripslashes($street2);
$city = stripslashes($city);
$zipcode = stripslashes($zipcode);
}
I'm not sure if I'm doing this function correctly. From what I
understand I think I need to pass each variable to the function; which
would negate the speedyness of my typing which is what I'm going for
anyway.
function scrub_slashes($email, $first_name, etc){ CODE }
and it'd be called like so $scrub_error = scrub_slashes($email,
$first_name, etc)
I might as well copy paste the $email stripslashes($email); $first_name
= stripslashes($first_name);
in any location that it's needed. It might seem lazy but I really don't
see why I need to dupe the code when I could put it into a function.
Second situation:
Is there a better way to pass all the variables into the function
without typing out each one that's gonna be used in the function?
Am I even using the function correctly?
Am I confusing anyone?
Thanks for any info or advice any can provide.
Thoughts, Comments, Anecdotes?
-Sterling
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] StripSlashes
You can make the variables into a class and have the object call the same
function with all its variables.
Or turn magic quotes GPC on (and remove the addslashes() calls)
Oktay Altunergil
-Original Message-
From: Sterling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 10, 2001 4:12 PM
To: PHP List
Subject: [PHP] StripSlashes
H-
I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS.
I found the $string = stripslashes($string); command.
But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes line.
Which I am currently doing in a function.
So I have two situations.
One:
function scrub_slashes(){
$email = stripslashes($email);
$first_name = stripslashes(first_name);
$last_name = stripslashes($last_name);
$street1 = stripslashes($street1);
$street2 = stripslashes($street2);
$city = stripslashes($city);
$zipcode = stripslashes($zipcode);
}
I'm not sure if I'm doing this function correctly. From what I
understand I think I need to pass each variable to the function; which
would negate the speedyness of my typing which is what I'm going for
anyway.
function scrub_slashes($email, $first_name, etc){ CODE }
and it'd be called like so $scrub_error = scrub_slashes($email,
$first_name, etc)
I might as well copy paste the $email stripslashes($email); $first_name
= stripslashes($first_name);
in any location that it's needed. It might seem lazy but I really don't
see why I need to dupe the code when I could put it into a function.
Second situation:
Is there a better way to pass all the variables into the function
without typing out each one that's gonna be used in the function?
Am I even using the function correctly?
Am I confusing anyone?
Thanks for any info or advice any can provide.
Thoughts, Comments, Anecdotes?
-Sterling
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] StripSlashes
On 10-May-01 Sterling wrote:
H-
I'd like to be able to strip the slashes from all the imported
HTTP_POST_VARS.
I found the $string = stripslashes($string); command.
But this becomes very tedious if I have 20 vars and I need to code each
one with its own stripslashes line.
snip
not tested, but try something like:
while (list ($k, $v) =each ($HTTP_POST_VARS)) {
$$k=stripslashes($v);
}
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] stripslashes() equivalent when magic_quotes_sybase = on?
You know, I tried this before sending my email, and it didn't work as you describe. And yes, then I re-checked my .htaccess file, and yes, I had "sybase" turned off. Doh! Kirk -Original Message- From: Rasmus Lerdorf [mailto:[EMAIL PROTECTED]] stripslashes() sees the magic_quotes_sybase setting and behaves accordingly. -Rasmus On Wed, 18 Apr 2001, Johnson, Kirk wrote: With magic_quotes_sybase = on, a single quote in Get/Post/Cookie data gets escaped with another single quote. Is there a function analagous to stripslashes that will strip off the escaping quote? TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] stripslashes() equivalent when magic_quotes_sybase = on?
stripslashes() sees the magic_quotes_sybase setting and behaves accordingly. -Rasmus On Wed, 18 Apr 2001, Johnson, Kirk wrote: With magic_quotes_sybase = on, a single quote in Get/Post/Cookie data gets escaped with another single quote. Is there a function analagous to stripslashes that will strip off the escaping quote? TIA Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
